The adoption of technology by finance functions has been slow but has accelerated in the recent past. Enterprise performance management (EPM) tools like hostanalytics, financial controls automation like Blackline, and general ledger/ERP solutions like Net Suite are gaining acceptance. So why is it that approximately 80% of public companies continue to use Microsoft Office (Word & Excel) for their financial compliance (e.g., COSO, SOX, MAR) programs?
One factor is the cost and complexity of many of the initial financial compliance (governance, risk and compliance or GRC) software offerings that quickly came to market following the passage of the Sarbanes-Oxley Act (SOX). 2002 was “pre-Cloud” and prior to most companies employing “Virtual Machines”. As such, GRC software typically required purchasing and implementing a separate server within the enterprise IT architecture, purchasing the GRC software which typically had a low six figure price tag, compiling a multi-function team to implement the software, and then train users and either upload or populate the existing Word/Excel compliance data. Essentially all GRC products included pricing by user or tranches of users (“seats”) which, combined with the need for training, limited the number of users in the organization due to recurring cost considerations. Many of the hurdles associated with these early post-SOX solutions have been overcome with current solutions but perhaps the “scars” of these early solutions remain and contribute to the hesitancy among most to implement a solution.
According to Geoffrey Moore in his Crossing the Chasm, the initial wave of adoption of a technology requires “visionaries” willing to pilot and then “pragmatists” (the early adopters) that are open-minded to the adoption of technology that is beyond the pilot stage. In my experience, the lack of “visionaries” is the primary barrier to the adoption of current cloud-based GRC solutions. For better or worse, the finance/audit/compliance fields attract mainly professionals that are conservative by nature. Finance Is typically the function that crushes the dreams of the design, development, marketing and IT functions during project/budget review sessions. Many times for good reasons and to the betterment of the organization. Sadly, this conservative perspective leads many (most) finance functions to cling to MS Office rather than leverage cloud technologies to improve both the efficiency and effectiveness of their compliance activities. While most compliance professionals implicitly understand that an effective internal control framework with linked control activities and testing requires a database program; our conservative nature leads us to cling to spreadsheets. We need some “visionaries” to lead the way.
Compliance professionals are very familiar with the struggle for budget dollars. Our functions are unlikely to add to the top line and so we must demonstrate the ability to affect the bottom line. An additional challenge is the view of senior management and the Board that compliance is a “cost of doing business”. This creates a Catch-22 for compliance professionals who can more easily demonstrate the benefits of their activities to the organization through use of a “cloud” GRC solution but who cannot invest the dollars in a solution because that will merely increase their “cost of doing business”. Hopefully, the reduced financial risk of “cloud” solutions with their subscription-based model and hosting, thereby avoiding the dreaded “implementation”, will encourage the “pragmatists” amongst us to forge ahead with a GRC solution that will demonstrate how the organization can leverage compliance for process improvement and bottom-line results.
As our colleagues adopt “cloud” solutions for their critical activities (noted above), they will implicitly understand the benefits of moving away from MS Office for their critical activities. We no longer need to champion the benefits of “cloud” as these are already well understood. In fact, if we wait too long perhaps we’ll be viewed, ironically, as “behind the curve” and wasteful. It is time for us to move away from the drudgery of spreadsheets to a cloud-based GRC solution that will improve our efficiency, effectiveness and gratification as we leverage compliance to improve our organizations.
About the Author
Glenn Murphy, the co-founder of BestGRC and founder of GRC Management Consulting LLC, primarily focuses on empowering entities to leverage their compliance activities through the BestGRC “cloud” software, his consulting work, publications, and the “Leverage Compliance” blog. Glenn provides licensee compliance audits in conjunction with Licensing Compliance Group and Penetration Tests/SOC for Cyber/SOC 2/3 Assessments in conjunction with Ra Security Systems. Find Glenn’s full profile at http://www.linkedin.com/in/glenntmurphy/, follow him @GlennMurphyGRC and subscribe to the Leverage Compliance blog at http://www.bestgrc.com/blog/